Organizations / CMS

CMS

Centers for Medicare & Medicaid Services (Technical Reference Architecture) · www.cms.gov/tra/Foundation/FD_0080_Foundation_AI_Guidance.htm

CMS — the US agency for Medicare & Medicaid — publishes AI Guidance in its Technical Reference Architecture: concrete business rules (BR-AI-1..6) and operational practices for using AI responsibly with sensitive healthcare data. Where the NIST AI RMF is the generic risk lifecycle, CMS is the operational enforcement layer, and it is the basis for the pack below.

How the publications map to ponens policies

CMS AI Guidance is an operational, enforceable layer on top of the federal frameworks (it references OMB M-25-21/M-25-22 and the NIST AI RMF). Its six business rules and recommended practices map directly to ponens policies over an AI system's operation record: high-impact use cases (the OMB M-25-21 definition) get a risk assessment and a human final decision; sensitive data (PHI/SPII) is used only with approved tools; foreign-entity AI may run only on CMS infrastructure with no internet egress; AI-supported official actions are retained; and continuous human oversight is required.

It also specifies concrete operational security that distinguishes it from the lifecycle frameworks: verify the provenance and integrity of AI components (System Composition Analysis), apply zero-trust — data minimization and network segmentation — to AI tools that can reach outbound, and instrument production AI with observability. Notably, CMS mandates tracking 'traces, EVALs, prompt management/versioning, and key metrics' — which is precisely the governance-semantic telemetry ponens evaluates, so this pack is close to a literal implementation of the guidance. Running it with ponens trace check aggregates to Green / Amber / Red across use-case governance, data protection & residency, supply-chain/zero-trust, and observability/records.

CMS AI Guidance (TRA)

The CMS Technical Reference Architecture AI Guidance — business rules BR-AI-1..6 plus operational practices (provenance, zero-trust, observability) — as computable policies over an AI system's operation record.

Open in gallery 13 Read the spec →

Maps the CMS TRA AI Guidance onto ponens policies: high-impact use-case governance and human oversight (BR-AI-2/4/5), sensitive-data and data-residency rules (BR-AI-1/3), AI supply-chain provenance and zero-trust security, and observability/prompt-versioning/records-retention (BR-AI-6). The operational enforcement layer above the NIST AI RMF, for federal healthcare AI.

Source: CMS TRA Artificial Intelligence Guidance (BR-AI-1..6).

Use-Case Governance & Oversight 4

cms_ai_policy_human_review warning

CMS: Human Review of AI-Written Policy

Use of AI tools to draft CMS policies is followed by human review; AI supports but does not substitute for human decisions.

G(ai_written_policy → human_review)

cms_continuous_human_oversight error

CMS: Continuous Human Oversight

Continuous human oversight is in place to ensure AI/ML output meets CMS and federal guidelines.

G((Deploy ∨ Output) → P(human_oversight))

cms_high_impact_human_final_decision error

CMS: Human Makes High-Impact Final Decision

For high-impact cases, AI provides advice/recommendations only; the final decision is made by qualified staff with documented oversight.

G(high_impact_decision → human_final_decision ∧ documented_oversight)

cms_high_impact_risk_assessed error

CMS: High-Impact Use Case Risk-Assessed

High-impact AI use cases (per OMB M-25-21) undergo a CMS AI governance risk assessment and apply minimum risk-management practices.

G(high_impact_ai → P(risk_assessment_done))

Data Protection & Residency 4

cms_data_residency error

CMS: Data Residency / On-Prem Foreign AI

Foreign-entity AI tools are used only if deployed on CMS infrastructure with no data sent to the internet (CMS data stays in the U.S.).

G(foreign_ai → on_cms_infrastructure ∧ no_internet_egress)

cms_external_ai_data_agreement warning

CMS: External AI Data-Use Agreement

External AI tools that can access non-public CMS data have appropriate data-use agreements in place beforehand.

G(external_ai → P(data_use_agreement))

cms_privacy_preserving_nonprod warning

CMS: Privacy-Preserving Non-Prod Data

Development and lower environments use synthetic or de-identified data rather than real PII/PHI.

G(nonprod_data → synthetic_or_deidentified)

cms_sensitive_data_compliant_tool error

CMS: Sensitive Data Only With Compliant Tool

PHI / sensitive PII and other sensitive data are used only with AI tools that meet HHS/CMS cybersecurity & privacy standards.

G(sensitive_data_use → approved_tool)

Supply-Chain & Zero-Trust 2

cms_ai_provenance_verified error

CMS: AI Component Provenance Verified

The provenance and integrity of AI components (models, data, code) used in production are verified.

G(ai_component → provenance_verified)

cms_zero_trust_for_ai error

CMS: Zero-Trust for AI

AI tools that can make outbound requests are constrained by data minimization and network segmentation to contain the blast radius.

G(ai_outbound_capable → data_minimization ∧ network_segmented)

Observability & Records 3

cms_production_observability warning

CMS: Production AI Observability

Production AI systems implement observability — traces, evaluations (EVALs), and key metrics tracked over time.

G((Deploy ∨ Output) → P(observability_enabled))

cms_prompts_versioned warning

CMS: Production Prompts Versioned

AI system prompts used in production are versioned and their performance reviewed over time.

G(production_ai → prompts_versioned)

cms_records_retention error

CMS: AI-Supported Actions Retained

AI-supported official actions and AI-generated content are retained per records-retention and FOIA requirements.

G(ai_supported_action → records_retained)